The hacker who successfully used a fingerprint captured from an iPhone to fool Touch ID now believes it may be possible to perform the same hack without needing access to a physical fingerprint. Speaking at this year’s Chaos Computer Club convention, Jan Krissler – who uses the alias Starbug – demonstrated how a fingerprint can be generated from a series of ordinary photographs of someone’s finger …

Following an announcement earlier this year that Apple was teaming up with IBM to deliver a number of enterprise solutions, today Apple has officially announced the first wave of iOS apps being released through the partnership. As part of IBM’s “MobileFirst for iOS,” Apple and IBM today announced 10 new apps designed specifically for businesses including banking, retail, insurance, financial services, telecommunications and for governments and airlines.

“This is a big step for iPhone and iPad in the enterprise, and we can’t wait to see the exciting new ways organizations will put iOS devices to work,” said Philip Schiller, Apple’s senior vice president of Worldwide Marketing. “The business world has gone mobile, and Apple and IBM are bringing together the world’s best technology with the smartest data and analytics to help businesses redefine how work gets done.”

The apps launching today through the partnership include Plan Flight and Passenger+ for the travel industry, Advise & Grow and Trusted Advice for the banking and financial industries, Retention (insurance), Case Advice and Incident Aware for government, Sales Assist and Pick & Pack for retail, and Expert Tech for telecommunications industries. Apple notes that the apps offer customizable experiences and are “managed and upgraded via cloud services from IBM specifically for iOS devices.”

In addition to the new apps, which Apple described in more detail in its press release below, Apple noted other services that will go hand-in-hand with the apps. Those include integration with IBM’s Mobile Platform and Enterprise solutions as well as AppleCare for the Enterprise, Apple’s new business-specific tech support service introduced as part of the IBM deal.

Password managers are a great way to have strong, unique passwords for each website you access – but vital as it is these days to change them, there’s no denying that it’s a chore. Dashlane, a Mac and Windows password manager app, aims to take away the pain by doing it for you automatically across 50 top US websites like Apple, Amazon, Dropbox, Facebook, PayPal, WordPress and Twitter.

Importantly, the app can even cope with sites that employ two-factor authentication to log in or change a password, prompting you for the code when required …

Apple has issued a new update for Adobe’s Flash Player browser plugin. The update fixes “a recently-identified Adobe Flash Player web plug-in vulnerability,” according to Apple’s website. Users will be automatically prompted to install the update when visiting a page that uses Flash Player.

The prompt in Safari will take users to the Flash Player download page on Adobe’s website. Users who haven’t yet seen the prompt can also go there to download the update now.

According to the Journal, a DOJ official actually told Apple executives during a meeting last month that in the future the Cupertino company could eventually be directly responsible for the death of a child.

[Ed. note: Jason Stern is a Criminal Defense Attorney in private practice in New York City]

8:34 am. A college professor receives a text message threatening to blow up the history building. The professor immediately contacts law enforcement, who trace the origin of the call to a student who lives off-campus.

When FBI agents arrive at the student’s residence, they arrest the student and seize his smartphone. In an attempt to search the device to recover evidence of the crime (and perhaps stop other related crimes), they find the smartphone is protected by fingerprint security measures.

With the suspect in handcuffs, the agent swipes the student’s finger across the phone to access his call history and messages. Once the FBI swipes the suspect’s finger and bypasses the biometric security, the phone asks for the student’s passcode. The FBI agent asks for his password but the student refuses to speak. How can the FBI agent access the phone? Whereas a fictional Federal Agent like Jack Bauer would simply pull out his gun, jam it in the suspect’s mouth and scream, “WHERE IS THE BOMB?”, in our example, the FBI agent would hit the proverbial brick wall.

Yes, the phone could be brought back to the lab for analysis and hacking by forensics personnel, but the suspect in this case could not be forced to disclose the password on the phone…

CurrentC, the much-discussed, infamous competitor to the Apple Pay mobile payments platform, has some more bad press coming its way. According to an email sent out this morning to its pilot program customers, the MCX service has already been hacked. According to the notice, “unauthorized third parties” obtained email address information for an unannounced number of users:

Thank you for your interest in CurrentC. You are receiving this message because you are either a participant in our pilot program or requested information about CurrentC. Within the last 36 hours, we learned that unauthorized third parties obtained the e-mail addresses of some of you. Based on investigations conducted by MCX security personnel, only these e-mail addresses were involved and no other information.

In an abundance of caution, we wanted to make you aware of this incident and urge you not to open links or attachments from unknown third parties. Also know that neither CurrentC nor Merchant Customer Exchange (MCX) will ever send you emails asking for your financial account, social security number or other personally identifiable information. So if you are ever asked for this information in an email, you can be confident it is not from us and you should not respond.

MCX is continuing to investigate this situation and will provide updates as necessary. We take the security of your information extremely seriously, apologize for any inconvenience and thank you for your support of CurrentC.

For those not following the MCX vs. Apple Pay saga, MCX powers a payments platform utilized by key retailers such as WalMart, CVS, and RiteAid. After initially supporting NFC-based payments via Apple Pay and Google Wallet, those aforementioned retailers shut down their industry-standard NFC-based payment processing systems in favor of the CurrentC app from MCX.

Update: Apple is aware of the attack, via CNBC. As expected, Apple’s own servers were not compromised.

Although unconfirmed, GreatFire is reporting that Apple is now the subject of Chinese government hacking attempts. According to the report, the government is using the institutional firewall to redirect traffic directed at iCloud.com to a fake page that resembles the iCloud.com interface almost perfectly.

Like other phishing attacks, this page pretends to be Apple’s portal but instead intercepts entered usernames and passwords for other purposes. Although some browsers in China are set up to warn users about these kinds of man-in-the-middle attacks, many aren’t, and (presumably) many citizens disregard the warnings as the site appears quite genuine otherwise.

A few days ago Apple published a new privacy page on its website that detailed the various measures it has put in place to protect Mac and iOS users’ personal data. One of those features, which is new in iOS 8, is the automatic randomization of MAC addresses when the device is searching for a Wi-Fi network. This makes it much more difficult to track a device by seeing which Wi-Fi networks have spotted its unique identifier.

A new two-part study by AirTight Networks into how well this security feature works has turned up some interesting results, including several conditions that will stop the phone from randomizing a MAC address. Part one of the study breaks down what exactly needs to happen in order to start this function…